Cloud Management and AIOps


Status Under review
Workspace Instana
Categories Agent
Created by Guest
Created on Mar 10, 2026

Add a CVE report in json format into each new agent rpm

Our organisation requires us to keep software on latest or latest-1 release of all software.
Due to the rapid release cycle for the static agent rpm (every 2 weeks), this puts a lot of pressure on teams to keep updating the product - we have thousands of servers so this is potentially a massive task.
We have a way to determine if there have been updates to the specific sensor jar files we are using - to determine that we should therefore take a new release.
Another factor in determining whether to take a release is whether any CVEs have been fixed.

It would be extremely useful to have a report generated in JSON which details the CVEs present in the current release, and the CVEs present in the previous release, and the diff between old and new showing if any CVEs have been fixed in the new release or if any CVEs have been introduced in the new release (hopefully the latter would never be the case!)
It would also be useful to list the jar files that have been updated as that can also be used to determine if we need to take the new rpm.

The script we were given by IBM (not supported but a useful script nonetheless) uses trivy to perform a CVE check on 2 rpms and provides the report we have detailed above in json format.

It would be VERY helpful if IBM could run the script to generate the report and include that report within the agent rpm. This way in our pipelines we can make the determination of whether or not we need to take the new rpm at the earliest stage immediately after downloading and extracting the files from the rpm.

It would also serve as a form of release documentation which rather than being put onto a website or into an email advisory note - is present in the actual rpm and available to be used by automations.

This seems a relatively simple requirement to implement - the code already exists, so there's just a need to update the agent rpm release process to include this step and add the report into the rpm.

Idea priority High
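
An added example, not part of the original idea and not the IBM-provided script: one way a pipeline could build the fixed/introduced CVE report described above from two Trivy JSON reports (one per rpm). The output key names, the severity gate and the sample data are assumptions; only the `Results[].Vulnerabilities[]` fields follow Trivy's JSON layout.

```python
import json

def cve_index(trivy_report):
    """Map CVE id -> severity and affected packages for one Trivy JSON report."""
    index = {}
    for result in trivy_report.get("Results") or []:
        # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
        for v in result.get("Vulnerabilities") or []:
            entry = index.setdefault(
                v["VulnerabilityID"],
                {"severity": v.get("Severity", "UNKNOWN"), "packages": set()})
            entry["packages"].add(f'{v["PkgName"]}@{v["InstalledVersion"]}')
    return {cve: {"severity": e["severity"], "packages": sorted(e["packages"])}
            for cve, e in index.items()}

def diff_reports(previous, current, gate=("HIGH", "CRITICAL")):
    """Build the release report: CVEs per release, fixed, introduced, upgrade flag."""
    old, new = cve_index(previous), cve_index(current)
    fixed = {c: old[c] for c in sorted(old.keys() - new.keys())}
    introduced = {c: new[c] for c in sorted(new.keys() - old.keys())}
    return {
        "previous": old,
        "current": new,
        "fixed": fixed,
        "introduced": introduced,
        # Hypothetical policy: upgrade when a fixed CVE meets the severity gate.
        "upgrade_recommended": any(e["severity"] in gate for e in fixed.values()),
    }

def vuln(cve, pkg, version, severity):
    """Helper that builds one Trivy-shaped finding for the sample data."""
    return {"VulnerabilityID": cve, "PkgName": pkg,
            "InstalledVersion": version, "Severity": severity}

# Constructed sample data; CVE ids, jar names and versions are placeholders.
PREVIOUS = {"Results": [
    {"Target": "sensor-a.jar", "Vulnerabilities": [
        vuln("CVE-0000-0001", "lib-x", "1.0", "HIGH"),
        vuln("CVE-0000-0002", "lib-y", "2.0", "LOW")]},
    {"Target": "sensor-b.jar", "Vulnerabilities": [
        vuln("CVE-0000-0001", "lib-x", "1.0", "HIGH")]},
]}
CURRENT = {"Results": [
    {"Target": "sensor-a.jar", "Vulnerabilities": [
        vuln("CVE-0000-0002", "lib-y", "2.0", "LOW"),
        vuln("CVE-0000-0003", "lib-z", "3.1", "MEDIUM")]},
    {"Target": "sensor-b.jar"},  # no findings: key absent
]}

if __name__ == "__main__":
    print(json.dumps(diff_reports(PREVIOUS, CURRENT), indent=2))
```

A CVE counts as fixed only when it disappears from every target in the new release, so a finding that remains in a single jar keeps it in `current`.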